The notorious ShinyHunters hacker collective claims to have stolen troves of data from American fashion giant Ralph Lauren. Customer data and unreleased products are allegedly exposed.
-
ShinyHunters claims it stole more than 220GB of Ralph Lauren data, including customer PII and transaction information.
-
The hackers also allege the breach exposed unreleased Ralph Lauren products planned for 2027 and beyond.
-
Ralph Lauren has not confirmed the incident, and no public data sample was provided to independently verify the claims.
-
Attackers say they may publish the stolen Ralph Lauren data on June 14th as part of an extortion attempt.
ShinyHunters posted Ralph Lauren Corporation on its dark web blog, which the gang uses to showcase its latest victims. According to the post, attackers obtained a humongous dataset totaling over 220 GB.
“Over 220GB of data containing customer PII, purchase/transaction info, future unreleased releases from 2027 and onward, and more was compromised,” the attackers claim.
Ralph Lauren Corporation is a major fashion company with yearly revenue exceeding $6.6 billion and an employee headcount of over 23,000. The brand also operates in over 550 locations worldwide.
We have reached out to the company for comment, and we will update this article once we receive a reply.
The attackers’ post does not include any data sample, so at the time of writing, it is impossible to verify the claims. However, ShinyHunters have been among the most prolific gangs in recent months, and their claims are typically valid.
The attackers say they will publish the Ralph Lauren data on June 14th. Threat actors often threaten victims before leaking the data to pressure them into paying the ransom. However, security experts note that meeting attacker demands invites other cybercriminals and does not guarantee that malicious actors will delete stolen data.
There are numerous ways that attackers can exploit stolen details. Customer personally identifiable information (PII) could be exploited in social engineering, identity theft, and phishing attacks.
Meanwhile, unreleased products could harm the company’s research and development process, causing millions of dollars in damages.
ShinyHunters has built a reputation for high-impact data theft and extortion operations. Most recently, the gang dominated headlines after severely impacting the education platform Canvas, hitting American schools during finals week.
Financial giants Ameriprise Financial and Mercer Advisors were also targeted this year. Identity protection firm Aura saw 900,000 records leaked. GTA’s creators, Rockstar Games, confirmed it was among the latest names added to the list.
The group has been active since 2019. Security researchers have linked the group to a broader supergroup alongside Scattered Spider and LAPSUS$, all of which share overlapping members and roots in the youth cybercrime subculture known as "The Com."
Arrests across Canada, France, Turkey, and Finland seem not to have deterred gang members from targeting established brands.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked